First draft of an 0.2.3.3-alpha changelog

Nick Mathewson 2011-08-31 01:02:38 -04:00
parent a7c07605d0
commit 38ee959ea9
24 changed files with 135 additions and 148 deletions

ChangeLog

@ -1,3 +1,138 @@
Changes in version 0.2.3.3-alpha - 2011-0?-??
Tor 0.2.3.3-alpha adds a new major "stream isolation" feature to
improve Tor's security, and provides client-side support for several
the microdescriptor and optimistic data features introduced earlier in
the 0.2.3.x series. Also, it has numerous critical bugfixes in the
(optional) bufferevent-based networking backend.
o Major features:
- You can now configure Tor so that streams from different
applications are isolated on different circuits, to prevent an
attacker who sees your streams leaving an exit node from linking
your sessions to one another. To do this, choose some way to
distinguish the applications: have them connect to different
SocksPorts, or have one of them use SOCKS4 while the other uses
SOCKS5, or have them pass different authentication strings to the
SOCKS proxy. Then, use the new SocksPort syntax to configure the
degree of isolation you need. This implements Proposal 171.
- The microdescriptor system is now on by default for clients. This
allows clients to download a much smaller amount of directory
information. To disable it, set "UseMicrodescriptors 0" in your
torrc file.
- Tor's firewall-helper feature, introduced in 0.2.3.1-alpha, now
supports Windows.
- When using an exit nodes running 0.2.3.x, clients can now
"optimistically" send data before the exit node reports that the
stream has opened. This saves a round trip when starting
connections where the client speaks first. This behavior is
controlled by a (currently disabled) consensus parameter. To turn
it on or off manually, use the "OptimisticData" torrc
option. Implements proposal 181; code by Ian Goldberg.
o Major bugfixes (bufferevents):
- When using IOCP on windows, we need to enable Libevent windows
threading support. Bugfix on 0.2.3.1-alpha.
- The IOCP backend now works even when the user has not specified
the (internal, debbuging-only) _UseFilteringSSLBufferevents option.
Fixes part of bug 3752; bugfix on 0.2.3.1-alpha.
- Correctly record the bytes we've read and written when using
bufferevents, so that we can include them in our bandwidth history
and advertised bandwidth. Fixes bug 3803; bugfix on 0.2.3.1-alpha.
- Apply rate-limiting only at the bottom of a chain of filtering
bufferevents. This prevents us from filling up internal read
buffers and violating rate-limits when filtering bufferevents
are enabled. Bugfix on 0.2.3.1-alpha; fixes part of bug 3804.
- Add high-watermarks to the output buffers for filtered
bufferevents. This prevents us from filling up internal write
buffers and wasting CPU cycles when filtering bufferevents are
enabled. Bugfix on 0.2.3.1-alpha; fixes part of bug 3804.
- Correctly notice when data has been written from a bufferevent
without flushing it completely. Bugfix on 0.2.3.1-alpha; fixes
bug 3805.
- Fix a bug where server-side tunneled bufferevent-based directory
streams would get closed prematurely. Fixes 3814, bugfix on
0.2.3.1-alpha.
o Major bugfixes (on 0.2.2.x and earlier): [stet]
- If we're configured to write our ControlPorts to disk, only write
them after switching UID and creating the data directory. This way,
we don't fail when starting up with a nonexistent DataDirectory
and a ControlPortWriteToFile setting based on that directory. Fixes
bug 3747; bugfix on Tor 0.2.2.26-beta.
o Minor features:
- There's a new syntax for specifying multiple client ports (such as
SOCKSPort, TransPort, DNSPort, NATDPort): you can now just declare
multiple *Port entries with full addr:port syntax on each.
The old *ListenAddress format is still supported, but you can't
mix it with the new *Port syntax.
- Added a new CONF_CHANGED event so that controllers can be notified
of any configuration changes made by other controllers, or by the
user. Implements #1692.
- Use evbuffer_copyout() in inspect_evbuffer(). This fixes a memory
leak when using bufferevents, and lets Libevent worry about how to
best copy data out of a buffer.
- Replace files in stats/ rather than appending to them. Now that we
include statistics in extra-info descriptors, it makes no sense to
keep old statistics forever. Implements #2930.
o Minor features (build compatibility):
- Limited, experimental support for building with nmake and MSVC.
- Provide a substitute implementation of lround() for MSVC, which
apparently lacks it. Patch from Gisle Vanem.
o Minor features: [stet]
- Update to the August 2 2011 Maxmind GeoLite Country database.
o Minor bugfixes (on 0.2.3.x-alpha):
- Fix a spurious warning when parsing SOCKS requests with
bufferevents enabled. Fixes bug 3615; bugfix on 0.2.3.2-alpha.
- Get rid of a harmless warning that could happen on relays running
with bufferevents. The warning was caused by someone doing an http
request to a relay's orport. Also don't warn for a few related
non-errors. Fixes bug 3700; bugfix on 0.2.3.1-alpha.
o Minor bugfixes (on 2.2.x and earlier):
- The "--quiet" and "--hush" options now apply not only to Tor's
behavior before logs are configured, but also to Tor's behavior in
the absense of configured logs. Fixes bug 3550; bugfix on
0.2.0.10-alpha.
o Minor bugfixes (on 2.2.x and earlier): [stet]
- Write several files in text mode, on OSes that distinguish text
mode from binary mode (namely, Windows). These files are:
'buffer-stats', 'dirreq-stats', and 'entry-stats' on relays
that collect those statistics; 'client_keys' and 'hostname' for
hidden services that use authentication; and (in the tor-gencert
utility) newly generated identity and signing keys. Previously,
we wouldn't specify text mode or binary mode, leading to an
assertion failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when
the DirRecordUsageByCountry option which would have triggered
the assertion failure was added), although this assertion failure
would have occurred in tor-gencert on Windows in 0.2.0.1-alpha.
- Selectively disable deprecation warnings on OS X because Lion
started deprecating the shipped copy of openssl. Fixes bug 3643.
- Remove an extra pair of quotation marks around the error
message in control-port STATUS_GENERAL BUG events. Bugfix on
0.1.2.6-alpha; fixes bug 3732.
- When unable to format an address as a string, report its value
as "???" rather than reusing the last formatted address. Bugfix
on 0.2.1.5-alpha.
o Code simplifications and refactoring:
- Rewrote the listener-selection logic so that parsing which ports
we want to listen on is now separate form binding to the ports
we want.
o Build changes:
- Building Tor with bufferevent support now requires Libevent
2.0.13-stable or later. Previous versions of Libevent had bugs in
SSL-related bufferevents and related issues that would make Tor
work badly with bufferevents. Requiring 2.0.13-stable also allows
Tor with bufferevents to take advantage of Libevent APIs
introduced after 2.0.8-rc.
Changes in version 0.2.2.32 - 2011-08-27
The Tor 0.2.2 release series is dedicated to the memory of Andreas
Pfitzmann (1958-2010), a pioneer in anonymity and privacy research,
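Review bot: The editorial "[stet]" markers are still attached to three section headings in the new ChangeLog text ("Major bugfixes (on 0.2.2.x and earlier): [stet]", the second "Minor features: [stet]", and the second "Minor bugfixes (on 2.2.x and earlier): [stet]"), and the last two of those headings duplicate sections that already appear above them. Merge the Maxmind GeoLite item into the first "Minor features" list, fold the two "Minor bugfixes (on 2.2.x and earlier)" lists into one, write the series as "0.2.2.x" to match the major-bugfix heading, and drop the markers. In the same pass: the intro reads "support for several the microdescriptor and optimistic data features", the optimistic-data item says "an exit nodes", and "debbuging-only", "absense" and "separate form binding" are carried over unchanged from the per-change files. The "2011-0?-??" date also needs filling in before this leaves draft.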

@ -1,5 +0,0 @@
o Minor features:
- CONF_CHANGED event is provided so that controllers can be notified
of any configuration changes made by other controllers/SETCONF/HUP.
Implements #1692.

@ -1,5 +0,0 @@
o Minor features:
- Replace files in stats/ rather than appending to them. Now that we
include statistics in extra-info descriptors, it makes no sense to
keep old statistics forever. Implements #2930.

@ -1,5 +0,0 @@
o Minor bugfixes:
- The "--quiet" and "--hush" options now apply not only to Tor's
behavior before user-configured logs are added, but also to
Tor's behavior in the absense of configured logs. Fixes bug
3550; bugfix on 0.2.0.10-alpha.

@ -1,15 +0,0 @@
o Minor bugfixes:
- Write several files in text mode, on OSes that distinguish text
mode from binary mode (namely, Windows). These files are:
buffer-stats, dirreq-stats, and entry-stats on relays that collect
those statistics; client_keys and hostname files for hidden
services that use authentication; and (in the tor-gencert utility)
newly generated identity and signing keys. Previously, we
wouldn't specify text mode or binary mode, leading to an assertion
failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when the
DirRecordUsageByCountry option which would have triggered the
assertion failure was added), although this assertion failure
would have occurred in tor-gencert on Windows in 0.2.0.1-alpha.

@ -1,3 +0,0 @@
o Minor bugfixes:
- Fix a spurious warning when parsing SOCKS requests with
bufferevents enabled. Fixes bug 3615; bugfix on 0.2.3.2-alpha.

@ -1,4 +0,0 @@
o Minor bugfixes:
- Selectively disable deprecation warnings on OS X because Lion started
deprecating the shipped copy of openssl. Fixes bug 3643.

@ -1,6 +0,0 @@
o Minor bugfixes:
- Get rid of a harmless warning that could happen on relays running
with bufferevents. The warning was caused by someone doing an http
request to a relay's orport. Also don't warn for a few related
non-errors. Fixes bug 3700; bugfix on 0.2.3.1-alpha.

@ -1,7 +0,0 @@
o Major bugfixes:
- Remove an extra pair of quotation marks around the error
message in control-port STATUS_GENERAL BUG events. Bugfix on
0.1.2.6-alpha; fixes bug 3732.

@ -1,6 +0,0 @@
o Major bugfixes:
- Write control ports to disk only after switching UID and
creating the data directory. This way, we don't fail when
starting up with a nonexistant DataDirectory and a
ControlPortWriteToFile setting based on that directory. Fixes
bug 3747; bugfix on Tor 0.2.2.26-beta.

@ -1,5 +0,0 @@
o Major bugfixes:
- The IOCP backend now works even when the user has not specified
the (internal, debbuging-only) _UseFilteringSSLBufferevents option.
Fixes part of bug 3752; bugfix on 0.2.3.1-alpha.

@ -1,4 +0,0 @@
o Major bugfixes (bufferevents):
- Correctly record the bytes we've read and written when using
bufferevents, so that we can include them in our bandwidth history
and advertised bandwidth. Fixes bug 3803; bugfix on 0.2.3.1-alpha.

@ -1,9 +0,0 @@
o Major bugfixes (bufferevents):
- Apply rate-limiting only at the bottom of a chain of filtering
bufferevents. This prevents us from filling up internal read
buffers and violating rate-limits when filtering bufferevents
are enabled. Bugfix on 0.2.3.1-alpha; fixes part of bug 3804.
- Add high-watermarks to the output buffers for filtered
bufferevents. This prevents us from filling up internal write
buffers and wasting CPU cycles when filtering bufferevents are
enabled. Bugfix on 0.2.3.1-alpha; fixes part of bug 3804.

@ -1,5 +0,0 @@
o Major bugfixes (bufferevents):
- Correctly notice when data has been written from a bufferevent
without flushing it completely. Bugfix on 0.2.3.1-alpha; fixes
bug 3805.

@ -1,4 +0,0 @@
o Major bugfixes (bufferevents):
- Fix a bug where server-side tunneled bufferevent-based directory
streams would get closed prematurely. Fixes 3814, bugfix on
0.2.3.1-alpha.

@ -1,4 +0,0 @@
o Minor bugfixes:
- When unable to format an address as a string, report its value
as "???" rather than reusing the last formatted address. Bugfix
on 0.2.1.5-alpha.

@ -1,3 +0,0 @@
o Minor features:
- Update to the August 2 2011 Maxmind GeoLite Country database.

@ -1,3 +0,0 @@
o Major bugfixes (IOCP):
- When using IOCP on windows, we need to enable Libevent windows threading
support. Bugfix on 0.2.3.1-alpha.

@ -1,5 +0,0 @@
o Major features:
- The microdescriptor system is now on by default for clients. This
allows clients to use Tor while downloading a much smaller amount
of directory information. To disable it, set "UseMicrodescriptors 0"
in your torrc file.

@ -1,4 +0,0 @@
o Build fixes:
- Provide a substitute implementation of lround() for MSVC, which
apparently lacks it. Patch from Gisle Vanem.

@ -1,3 +0,0 @@
o Minor features (build compatibility):
- Limited, experimental support for building with nmake and MSVC.

@ -1,9 +0,0 @@
o Major features:
- When using an exit nodes running 0.2.3.1-alpha and later,
clients can now "optimistically" send data on a stream before
the exit node reports that the stream has opened. This can save
a round trip when starting connections with protocols where the
client speaks first. This behavior is controlled by a (currently
disabled) networkstatus consensus parameter. To turn it on or
off manually, use the "OptimisticData" torrc option. Implements
proposal 181; code by Ian Goldberg.
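Review bot: The version bound in this removed entry, "exit nodes running 0.2.3.1-alpha and later", does not match the merged ChangeLog item, which now reads "running 0.2.3.x". The original wording names the first supporting version and is not tied to one series, which is the more useful form for someone checking whether a given exit will accept optimistic data; suggest restoring it in the ChangeLog unless the narrowing was deliberate. The other shortening in the merged text ("networkstatus consensus parameter" to "consensus parameter") loses nothing.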

@ -1,22 +0,0 @@
o Major features:
- You can now configure Tor so that streams from different
applications are isolated on different circuits, to prevent an
attacker who sees your streams leaving an exit node from linking
your sessions to one another. To do this, choose some way to
distinguish the applications -- have them connect to different
SocksPorts, or have one of them use SOCKS4 while the other uses
SOCKS5, or have them pass different authentication strings to
the SOCKS proxy. Then use the new SocksPort syntax to configure
the degree of isolation you need. This implements Proposal 171.
o Minor features:
- There's a new syntax for specifying multiple client ports (such as
SOCKSPort, TransPort, DNSPort, NATDPort): you can now just declare
multiple ...Port entries with full addr:port syntax on each.
The old ...ListenAddress format is still supported, but you can't
mix it with the new SOCKSPort syntax.
o Code simplifications and refactoring:
- Rewrote the listener-selection logic so that parsing which ports
we want to listen on is now separate form binding to the ports
we want.

@ -1,12 +0,0 @@
o Build changes:
- Building Tor with bufferevent support now requires Libevent
2.0.13-stable or later. Previous versions of Libevent had bugs
in SSL-related bufferevents and related issues that would make
Tor work badly with bufferevents. Requiring 2.0.13-stable also
means that Tor with bufferevents can take advantage of Libevent
APIs introduced after 2.0.8-rc.
o Minor bugfixes:
- Use evbuffer_copyout() in inspect_evbuffer(). This fixes a memory
leak, and lets Libevent worry about how to best copy data out
of a buffer.
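Review bot: The evbuffer_copyout() item is filed under "Minor bugfixes" in this removed file but lands under "Minor features" in the merged ChangeLog, even though its own text says it "fixes a memory leak". It should stay with the bugfixes, ideally alongside the other bufferevents entries since the merged wording adds "when using bufferevents", and it would help to state which release the leak is a bugfix on, as the neighbouring entries do.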